xloader

General

Target

4a54677c5f20159f74c46a4dc990c69f_JaffaCakes118
Size

491KB
Sample

240331-cjtrdscd72
MD5

4a54677c5f20159f74c46a4dc990c69f
SHA1

b879afb455ca927b6acca59b38f77a2188857ed1
SHA256

d2aa010515bc8390084659013a1fd1e3e476e36ce46293281deb95c4469663f9
SHA512

990405692fbf867bd799d92e52b1378b2d7128c45ec0f6e53367830dbd811f5c33c42c1fefe5b5f4a34cab2d68be9aeffb6252da1557f6efdac142c74b151b60
SSDEEP

12288:gfSBNPdJaQmuRFuh9VAP1ZViSMlqj5hbwCeHggTGatOXExn/5fK:RBtSQm0M0vVAqj5RQHgWGcsEFk

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

b5ce

Decoy

advellerd.xyz

giasuvina.com

arab-xt-pro.com

ahsltu2ua4.com

trasportesemmanuel.com

kissimmeesoccercup.com

studyengland.com

m2volleyballclub.com

shyuehuan.com

elsml.com

blog-x-history.top

coditeu.com

allattachments.net

vigautruc.com

mentication.com

zambiaedu.xyz

filadelfiacenter.com

avlaborsourceinc.info

tameka-stewart.com

studio-cleo.com

Targets

- Target
  
  4a54677c5f20159f74c46a4dc990c69f_JaffaCakes118
- Size
  
  491KB
- MD5
  
  4a54677c5f20159f74c46a4dc990c69f
- SHA1
  
  b879afb455ca927b6acca59b38f77a2188857ed1
- SHA256
  
  d2aa010515bc8390084659013a1fd1e3e476e36ce46293281deb95c4469663f9
- SHA512
  
  990405692fbf867bd799d92e52b1378b2d7128c45ec0f6e53367830dbd811f5c33c42c1fefe5b5f4a34cab2d68be9aeffb6252da1557f6efdac142c74b151b60
- SSDEEP
  
  12288:gfSBNPdJaQmuRFuh9VAP1ZViSMlqj5hbwCeHggTGatOXExn/5fK:RBtSQm0M0vVAqj5RQHgWGcsEFk
Score

10^/10

xloader b5ce loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2